Amendments to the Claims 

Please amend the claims as indicated in the following listing of claims. This 
listing replaces all prior listings of the claims. 

1. (Currently Amended) A method in a data processing system for
requesting a digital certificate from a certificate authority and archiving an encryption
key outside of the certificate authority, comprising:

receiving a request from a user for a digital certificate, the request
including an encryption key associated with the user; [[and]]

encrypting the user's encryption key with a first archival key;

storing the encrypted user's encryption key in a database under the
control of a first entity separate from the certificate authority;

providing an indication of proof of storing the encrypted user's
encryption key, wherein the indication of proof is signed with a second archival key;

verifying the signed indication of proof based on the first archival key;
and

providing the request to the certificate authority based on the
verification of the signed indication of proof.

[[receiving an indication of proof of archival of the user's encryption key
associated with the request, wherein the user's encryption key is archived under
control of an entity other than the certificate authority.]]

2. (Currently Amended) The method of claim 1, further comprising
the step of sending a digital certificate from the certificate authority to the user in
response to the certificate authority receiving request [[associated with the user in
response to the received request and indication of proof of archival]].



3. (Currently Amended) The method of claim 1, wherein encrypting
the user's encryption key with a first archival key is performed by the first entity.

[[further comprising the step of receiving the user's encryption key.]]



4. (Currently Amended) The method of claim 3, further comprising: 
encrypting the request with a transport key; and

sending the transport encrypted request to the first entity.

[[wherein the encryption key is encrypted during transmission, and
wherein the method further comprises the step of decrypting the encrypted
encryption key.]]

5. (Currently Amended) The method of claim further 

comprising: 

decrypting, by the first entity, the transport encrypted request.
[[wherein the encryption key is the user's private key.]]

6. (Currently Amended) The method of claim 4, wherein the [[data
processing system comprises]] first entity is a data recovery manager that receives
and manages archiving of the encryption key, and wherein the transport key
[[encryption key is encrypted during transmission]] using the data recovery manager's
public transport key.

7. (Currently Amended) The method of claim + 6, wherein the 
second archival key is a data recovery manager private key. 

[[indication of proof of archival is digitally signed, and wherein the
method further comprises the step of verifying a digital signature on the indication of
proof of archival.]]

8. (Currently Amended) The method of claim 7 1, wherein providing 
an indication of proof of storing the encrypted user's encryption key includes signing, 
by the first entity, the indication of proof, and wherein verifying the signed indication 
of proof is performed by a second entity separate from the first entity and the
certificate authority.

[[the data processing system includes a data recovery manager that
receives and manages archiving of the encryption key, and wherein the indication of
proof of archival is digitally signed by the data recovery manager.]]

9. (Original) The method of claim 1, wherein the user's encryption
key is archived under control of the user. 



10. (Currently Amended) A method in a data processing system for
requesting a digital certificate from a certificate authority and archiving an encryption
key outside of the certificate authority, comprising:

digitally signing an indication of proof of archival of an encryption key
for the user in a database under the control of an entity separate from the certificate
authority;

verifying the digitally signed indication of proof;
sending a request for a digital certificate based on the verifying[[, the
request having an indication of proof of archival of an encryption key for the user]]; and
receiving a digital certificate in response to the request.

11. (Canceled). 

12. (Currently Amended) A method in a data processing system for 
archiving an encryption key by [[an]] a first entity other than a certificate authority,
comprising: 

receiving an encryption key for archiving; 
archiving the received encryption key; 

creating an indication of proof of archival of the received encryption key;

[[sending]] providing the indication of proof of archival to a second entity
that verifies the indication of proof and provides a request for a digital certificate from
the certificate authority based on a verified indication of proof.

13. (Original) The method of claim 12, further comprising the step of
digitally signing the indication proof of archival.

14. (Currently Amended) The method of claim 13, wherein the
archiving step further comprises step archiving the received encryption under control 
of a user. 

15. (Currently Amended) A data processing system for requesting a
digital certificate from a certificate authority and archiving an encryption key outside
of the certificate authority, comprising:

a memory having program instructions; and

a processor configured to execute the program instructions to receive a
request from a user for a digital certificate, [[and]] receive an indication of proof of
archival of the user's encryption key associated with the request, verify the indication
of proof, wherein the user's encryption key is archived under control of an entity other
than the certificate authority, and provide the request to the certificate authority
based on the verification of the indication of proof.

16. (Currently Amended) A data processing system for requesting a
digital certificate from a certificate authority and archiving an encryption key outside
of the certificate authority, comprising:

a memory having program instructions; and

a processor configured to execute the program instructions to send a
request for a digital certificate, the request having [[an]] a verified indication of proof of
archival of an encryption key for the user in an entity separate from the certificate
authority, and receive a digital certificate in response to the request.

17. (Currently Amended) A data processing system for archiving an
encryption key by an entity other than a certificate authority, comprising:

a memory having program instructions; and

a processor configured to execute the program instructions to receive
an encryption key for archiving, archive the received encryption key, create an
indication of proof of archival of the received encryption key, and send the indication
of proof of archival to an entity that provides a request for a digital certificate to the
certificate authority based on a verification of the indication of proof of archival.

18. (Original) A data processing system for requesting a digital 
certificate from a certificate authority and archiving an encryption key under control of 
an entity other than the certificate authority, comprising:

a registration manager configured to receive a digital certificate request
including a user's encryption key, send the user's encryption key, and in response 
receive an indication of proof of archival; 

a data recovery manager configured to receive the user's encryption 
key, send the user's encryption key to a database controlled by an entity other than 
the certificate authority for archiving, create an indication of proof archival and send 
the indication of proof of archival; 

a certificate authority configured to issue a digital certificate when it is 
determined that an indication proof of archival was received; and 

a database, under control of an entity other than the certificate 
authority, configured to receive and archive the user's encryption key. 

19. (Currently Amended) A computer-readable medium containing 
instructions for controlling a data processing system to perform a method for 
requesting a digital certificate from a certificate authority and archiving an encryption 
key outside of the certificate authority, the method comprising the steps of: 

receiving a request including a user's encryption key from a user for a 
digital certificate; [[and]]

receiving an indication of proof of archival of the user's encryption key
associated with the request, wherein the user's encryption key is archived under
control of an entity other than the certificate authority;

verifying the indication of proof; and

receiving a digital certificate from the certificate authority based on the
verified indication of proof,

wherein the data processing system comprises a data recovery
manager separate from the certificate authority that receives and manages archiving
of the encryption key, and wherein the user's encryption key is encrypted during
transmission from the user using the data recovery manager's public transport key.

20. (Original) The computer-readable medium of claim 19, wherein 
the method further comprises the step of sending a digital certificate associated with 
the user in response to the received request and indication of proof of archival. 

21. (Currently Amended) The computer-readable medium of claim
19, wherein the data processing system includes a registration manager separate
from the certificate authority that sends the encrypted user's encryption key to the
data recovery manager.

[[the method further comprises the step of receiving the user's encryption]]

22. (Canceled) 

23. (Canceled) 

24. (Canceled)

25. (Original) The computer-readable medium of claim 19, wherein
the indication of proof of archival is digitally signed, and wherein the method further 
comprises the step of verifying a digital signature on the indication of proof of 
archival. 

26. (Currently Amended) The computer-readable medium of claim
25, wherein the [[data processing system includes a]] data recovery manager [[that
receives and manages archiving of the encryption key, and wherein the indication of]]
digitally signs the proof of archival [[is digitally signed by the data recovery manager]].

27. (Original) The computer-readable medium of claim 19, wherein 
the user's encryption key is archived under control of the user. 

28. (Currently Amended) A computer-readable medium containing 
instructions for controlling a data processing system to perform a method for 
requesting a digital certificate from a certificate authority and archiving an encryption 
key outside of the certificate authority, the method comprising the steps of:

digitally signing an indication of proof of archival of an encryption key
for the user in a database under the control of an entity separate from the certificate
authority;

verifying the digitally signed indication of proof;

sending a request for a digital certificate based on the verified digitally
signed indication of proof[[, the request having an indication of proof of archival of an
encryption key for the user]]; and

receiving a digital certificate in response to the request. 



29. (Canceled) 

30. (Currently Amended) A computer-readable medium containing 
instructions for controlling a data processing system to perform a method for 
archiving an encryption key by [[an]] first entity other than a certificate authority, the
method comprising the steps of: 

receiving an encryption key for archiving; 
archiving the received encryption key; 

creating an indication of proof of archival of the received encryption key;

and

[[sending]] providing the indication of proof of archival to a second entity
that provides a request for a digital certificate from the certificate authority based on a
verification of the indication of proof.



31. (Original) The computer-readable medium of claim 30, wherein
the method further comprises the step of digitally signing the indication proof of
archival.

32. (Original) The computer-readable medium of claim 31, wherein
the archiving step further comprises the step of archiving the received encryption key 
under control of a user. 

33. (Currently Amended) A data processing system for requesting a 
digital certificate from a certificate authority and archiving an encryption key outside 
of the certificate authority, comprising: 

means for receiving a request from a user for a digital certificate, the
request including an encryption key associated with the user; [[and]]

means for encrypting the user's encryption key with a first archival key;

means for storing the encrypted user's encryption key in a database
under the control of a first entity separate from the certificate authority;

means for providing an indication of proof of storing the encrypted
user's encryption key, wherein the indication of proof is signed with a second archival
key;

means for verifying the signed indication of proof based on the first
archival key; and

means for providing the request to the certificate authority based on the
verification of the signed indication of proof.

[[means for receiving a request from a user for a digital certificate; and
means for receiving an indication of proof of archival of the user's
encryption key associated with the request, wherein the user's encryption key is
archived under control of an entity other than the certificate authority.]]